Hi Tuomo,

> You can change this behaviour by changing vpn-vpn policy in policy
> file. Default policy in shorewall is ACCEPT for inter-zone traffic.

I assume you are referring to the policy file. If so, mine contains:

$FW net ACCEPT
net all DROP #$LOG_LEVEL
vpn all REJECT $LOG_LEVEL
all all REJECT $LOG_LEVEL

The second last line to drop VPN traffic was added to test if the firewall was having any effect. What I found was that with routeback and even with that policy to reject VPN traffic it is still allowed.

I am familiar with this configuration; I had it working before on an older system that was lost due to a hard drive crash. I also have lots of experience with Shorewall. The only difference is this time I am using Debian instead of Ubuntu and it seems like routeback is not behaving as it did in the past.

Simon
Re: [Shorewall-users] Shorewall with OpenVPN Hub and Spoke
simonseys via Shorewall-users Wed, 11 Dec 2024 07:05:29 -0800